Subnet with DHCP and DNS

2017-11-01 04:53 UTC

Xyne

About

I often use quickserve for ad-hoc file sharing, but getting a reliable connection through WLAN is not always possible. To save myself time and frustration I finally ended up writing some scripts to launch a matching ad-hoc DHCP server so that I can quickly and easily set up a direct connection to someone else’s computer regardless of what OS they use. Once I had that working I figured I may as well learn how to set up a DNS server on the subnet and then forward an internet connection from one subnet to another. This is how I did it.

Throughout this guide I will refer to the network interface card facing the external router as nic1 and the network interface card facing the created subnet as nic2.

Some examples of what nic1 could be:

a wired adapter named eth0 that connects to a router

a wireless adapter named wlan0 that connects to a local wifi network

a tunnel adapter named tun0 that connects to a VPN and to which you wish to forward connections from the subnet you will create

Likewise, some examples of what nic2 could be:

a wired adapter named eth1 that connects to another computer directly or to a switch to which other computers are connected

a wireless adapter named wlan1 configured as a wireless access point to which other computers will connect

a tunnel adapter named tun1 connected to a VPN with other computers on it

Of course, depending on the actual setup you may not need or want DHCP, DNS and forwarding. If you just want to connect to another computer directly with a cable on e.g. eth0 then you would only need the DHCP server, for example. It is left to the user to determine which parts of this guide are relevant in each case.

Network Topology Example

Here is a graph to visualize what this achieves in the simplest case:

Here nic1 might be wlan0 and nic2 might be eth0. The client might be the laptop of a friend to whom you don’t want to give your super-secret WPA key, or with whom you want to share some large files quickly over a cabled connection. The client will have access to subnet 1 and thus the internet via your computer and you will be able to communicate directly with the client.

This setup is obviously unaffected by the addition of peers to subnet 1. To add more clients to subnet 2 a switch could be used if nic2 is a wired interface, for example. If it is a wireless access point then no additional hardware would be needed. Regardless of the physical connections, the configuration is the same and can be used for topologies such as the following example.

Packages

You will need the following packages:

DHCP server

A DHCP server will let different systems connect automatically to the subnet without manual network configuration.

This creates a subnet with address 10.0.0.0 and a DHCP and DNS server at 10.0.0.100. If you do not plan to run a local DNS server then change the domain-name-servers setting to a publicly available DNS server (e.g. OpenDNS), or grab one from /etc/resolv.conf.

DNS

Unbound

If you are running the Unbound DNS server then you will require the following lines, which should match the subnet IP address and mask below:

Firewall Settings

Now comes the tricky part if you have a restrictive firewall. If not, you can probably skip most of this except for enabling forwarding.

The following script will make the necessary changes to Netfilter (iptables) to get things running. Note that it makes some assumptions:

these rules do not overlap with existing rules

forwarding is disabled by default and should be disabled when the server is brought down

Also note that on my system I actually use idemptables, which is an iptables wrapper that checks for existing rules to avoid appending duplicates to a table and then checks that all matching rules have been removed when deleting them. This is not necessary but it ensures consistency.

Invoke the script with the name of the interface that connects to the internet, the name of the interface that connects to the subnet, and either “up” or “down” to bring up or shut down the subnet, respectively.

The script expects the following files to be in the same directory:

launch_subnet.sh. The function contains comments to explain exactly what it is doing. Read them to understand how to set up everything manually. Also note that the function is simply a starting point and you should adapt it to suit your specific needs. See the highlighted code below.

dhcpd.conf (see above). Note that the IP addresses in the script must match those in the dhcpd.conf file.
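As an added example (not the original launch_subnet.sh and not idemptables), the following POSIX sh script implements the up/down behaviour described above. It assumes the 10.0.0.0/24 subnet from the dhcpd.conf section with this host at 10.0.0.100, and it gets the duplicate-free add/remove behaviour the text attributes to idemptables by checking each rule with iptables -C before appending it and deleting it in a loop until it is gone.

```shell
#!/bin/sh
# Added example (not the original launch_subnet.sh): bring a NAT'd subnet up or down.
# Usage: launch_subnet.sh <nic1> <nic2> up|down  (nic1 faces the router, nic2 the subnet)
# Assumes the hypothetical 10.0.0.0/24 subnet with this host (DHCP/DNS) at 10.0.0.100.
SUBNET=10.0.0.0/24
IPT=${IPT:-iptables}   # override with a wrapper for dry runs or tests

# Print one rule per line as "<table> <chain> <match...>" without -A/-D, so the
# same list is appended on "up" and deleted on "down".
subnet_rules() {
  nic1=$1; nic2=$2
  cat <<EOF
filter INPUT -i $nic2 -p udp --dport 67 -j ACCEPT
filter INPUT -i $nic2 -s $SUBNET -p udp --dport 53 -j ACCEPT
filter INPUT -i $nic2 -s $SUBNET -p tcp --dport 53 -j ACCEPT
filter FORWARD -i $nic2 -o $nic1 -s $SUBNET -j ACCEPT
filter FORWARD -i $nic1 -o $nic2 -d $SUBNET -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
nat POSTROUTING -o $nic1 -s $SUBNET -j MASQUERADE
EOF
}

# Idempotent apply/remove, the same idea as idemptables: "up" appends a rule only
# when "iptables -C" reports it absent; "down" deletes while it is still present,
# so duplicates never accumulate and nothing is left behind.
apply_rules() {
  nic1=$1; nic2=$2; action=$3
  subnet_rules "$nic1" "$nic2" | while read -r table chain spec; do
    # $spec is intentionally unquoted so it splits into iptables arguments.
    case $action in
      up)   $IPT -t "$table" -C "$chain" $spec 2>/dev/null || $IPT -t "$table" -A "$chain" $spec ;;
      down) while $IPT -t "$table" -C "$chain" $spec 2>/dev/null; do $IPT -t "$table" -D "$chain" $spec; done ;;
    esac
  done
}

# Forwarding is off by default; enable it only while the subnet is up.
set_forwarding() {
  case $1 in
    up)   sysctl -q -w net.ipv4.ip_forward=1 ;;
    down) sysctl -q -w net.ipv4.ip_forward=0 ;;
  esac
}
if [ $# -eq 3 ]; then
  case $3 in
    up)   apply_rules "$1" "$2" up && set_forwarding up ;;
    down) set_forwarding down; apply_rules "$1" "$2" down ;;
    *)    echo "usage: $0 <nic1> <nic2> up|down" >&2; exit 1 ;;
  esac
fi
```

The DHCP rule deliberately has no source match because a client's first DHCP request comes from 0.0.0.0; the DNS and forwarding rules are restricted to the subnet so nothing arriving on nic2 with a foreign source address is served or forwarded.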

Subnet Via Wireless Access Point

To create a wireless subnet you will need to configure nic2 as a wireless access point via hostapd.

Hostapd Configuration Example

The following is a hostapd configuration file that I have successfully used with a 300 Mb/s D-Link wireless network card. It should provide a starting point to configure your own wireless access point in conjunction with the settings above. In this case “nic2” would be “wlan0” and “nic1” would be something else (e.g. “eth0”).